Barracuda Networks Launches Threatglass for Insight into Compromised Sites

Barracuda Networks announced the launch today of Threatglass, a frontend online tool for analyzing web-based malware.

According to Barracuda Networks, Threatglass permits users to graphically browse website infections cataloged by Barracuda’s system by viewing screenshots of the stages of infection, as well as by analyzing network characteristics such as host relationships and packet captures.

“Good sites gone bad is a daily problem for popular websites targeted by attackers and used to serve malware to their unsuspecting visitors,” said Dr. Paul Judge, chief research officer and vice president at Barracuda, in a statement. “Threatglass was designed for both casual users and the research community to provide a way to document and better understand this ongoing problem.”

According to the company, Threatglass is the frontend of a system that utilizes thousands of virtual machines to visit URLs in web browsers to see what happens to the browsers, their plugins and the operating systems. Without prior knowledge of specific exploits served to the browser or its extensions, the resulting network-level actions are recorded and analyzed to reveal whether the URLs serve malicious content, according to the company. 

Websites for inspection are sourced from multiple data feeds including the Alexa Top 25,000 sites, social feeds and suspicious websites from Barracuda’s customer network. In addition to screen captures of the infections, Threatglass displays different representations of network traffic, including DNS, HTTP and Netflow in graphical and textual formats. The system has cataloged approximately 10,000 live web-based malware attacks and adds new ones every day.

The visualization features also allow users to view charting and trending data of historical volumes and examine the relationships between different components of an attacker ring. Users can also submit websites for inspection and analysis.

Barracuda Labs’ malware detection engines have discovered numerous high-profile infections in the last few months and have published findings on Cracked.com, Php.net and Hasbro.com. Those examples and thousands of other infected websites now are visible through Threatglass, according to the company.